User guide, Scan attacks defense – Luxul XBR-2300 User Manual

Page 35

User Guide

Other trademarks and registered trademarks are the property of their respective owners

Scan Attacks Defense

IP Scan: A source IP sends ICMP request packets to 10 different destination IP ad-
dresses within the defined time limit. The XBR-2300 drops all ICMP requests once the
limit is reached

Port Scan: A source IP sends TCP SYN request packets to 10 different ports of one
destination address within the defined time limit. The XBR-2300 drops all request
packets once the limit is reached

IP Cheat: Attempts to block LAN devices using an Internet Proxy to bypass
access restrictions.

NOTE:

This function takes effect on LAN ports

Denial of Service (DoS) Attacks Defense

ICMP Flood: If ICMP request packets exceed the specified limit, all ICMP
traffic will be blocked

UDP Flood: If UDP packets exceed the specified limit, all UDP traffic will
be blocked

SYN Flood: If TCP SYN packets targeted to a specific IP Address exceed the specified
limit, all TCP SYN requests will be blocked

LAND Attack: When enabled, the XBR-2300 will attempt to drop all traffic that
matches the following definition: SYN packets that include the device’s IP address as
both the source and destination IP address

WinNuke: When enabled, the XBR-2300 will attempt to drop all traffic that matches
the following definition: TCP fragments (usually configured as URG NetBIOS port 139)
are sent to connected devices, causing fragment overlapping